validate_uniqueness_of works by making a new record and comparing it with an existing one in the database. If there is not a record already in the database, it will create one. Unfortunately when auto-creating a record, it is not smart enough to set attributes on it that will make it successfully save. Hence, in this case we suggest you pre-create a record before you call validate_uniqueness_of. Like so:

it doFactoryGirl.create(:my_model)
should validate_uniqueness_of(:whatever)
end

However, it is interesting that this fails only under Rails 4. I would expect it to fail also under Rails 3.1 and 3.2.

It appears that the Rails 4 version of has_secure_passwordadds a before_create to ensure that password_digest is filled in; however, the Rails 3 version does not have this check. This is why this test is failing in Rails 4 and not Rails 3.

To go back to the point I made in the previous comment, though, the solution is to create a valid record (i.e., one that has password_digest set) before you call validate_uniqueness_of. You can use a factory library to do this, or you can do this yourself.

I would actually expect your second spec to fail since there is no pre-existing record.

The third spec is failing because it expects the record you're creating to have a attr attribute whose value is non-nil. Since you don't, it tries to create a record, which fails for the same reason it has failed before.